NAPA Net - Polling Places 022820

Are You Psyched About Cybersecurity?

Willie Sutton once famously remarked that he robbed banks “because that’s where the money is.” These days cyber criminals might say the same thing about 401(k) plans. This week, we’re checking in on your (and your plan sponsor clients’) cyber insecurities.

Though such attempts don’t often make the headlines, 401(k) plans have become prime targets for two specific types of attacks; theft of money (via fraudulent online transactions) and theft of identity data.

Now, ERISA doesn’t have any specific language regarding data protection, and – recent litigation notwithstanding, there’s not yet any court ruling that would classify participant data as a “plan asset.” But still, participant data – how it is gathered, transmitted, and ultimately maintained – is a highly sensitive issue.

Question Title

* 1. Are your plan sponsor clients/prospects concerned about cyber-security?

Yes

Yes - and more so every day

Some yes, others not so much

Not really

Not that I can tell

Comments/observations on that trend (or lack thereof)?

Question Title

* 2. Generally speaking, what's your plan sponsors' level of concern about cyber-security relative to a year ago?

About the same.

A bit more concerned.

A lot more concerned.

A bit less concerned.

A lot less concerned.

I don't really know.

Comments/observations on that trend (or lack thereof)?

Question Title

* 3. Is this an issue that you're bringing up with your plan sponsor clients/prospects?

Yes, every chance I get

Not really

With some, not all.

Not yet.

They bring it up before I do!

Comments/observations on that trend (or lack thereof)?

Question Title

* 4. Are cybersecurity measures/standards a consideration in terms of the recordkeepers you choose to work with

Yes, a key factor.

Yes, but only one of many factors.

It's something we ask about.

No.

Not yet.

Other thoughts?

Question Title

* 5. What new cybersecurity measures (if any) have your recordkeeper partners taken over the past year (check all that apply)?

installed new software

implemented new transmission protocols

put up new/expanded firewalls

initiated phishing awareness campaigns

nothing new

not sure

email alerts/communication about the issue

Anything else?

Question Title

* 6. What new cybersecurity measures (if any) have you/your firm taken over the past year (check all that apply)?

installed new software

additional education programs

put up new/expanded firewalls

initiated internal phishing awareness campaigns

implemented new screening protocols for trading partners

nothing new

Something else?

Question Title

* 7. Have you (at home or at work) been victimized by some kind of cyber-maliciousness?

yes - personal

yes - work

yes - personal and work

not yet

no, but I know folks who have been

Care to share (anonymously, of course) what happened?

Question Title

* 8. Other comments about cybersecurity, the lack of cybersecurity, the interest in cybersecurity, the lack of interest in cybersecurity, the vulnerabilities of certain processes/providers, the challenges resulting from taking steps to increase cybersecurity, the complications involved with tightening accessability, or life in general?

Question Title

* 9. What is your role working with retirement plans?

Advisor

Provider

TPA

Plan sponsor

Recordkeeper

Other (please specify)

Question Title

* 10. What size plans do you PRIMARILY work with?

Under $10 million in assets

$10-$20 million

$20-$50 million

$50-100 million

$100 million - $250 million

$250 million - $500 million

Above $500 million

Other (please specify)

Question Title

* 11. Suggestions for future survey questions? Seriously - what would you like to know about/from your fellow NAPA-Net readers? Or what would you like to be asked?